package com.wutianyi.filter;

import java.io.IOException;
import java.io.Serializable;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.lang.StringUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.session.Session;

import com.wutianyi.constants.Constants;
import com.wutianyi.service.SecurityManager;
import com.wutianyi.utils.NetUtils;

public class SecurityFilter implements Filter {
	
	private static final String DEFAULT_P_USER_NAME = "username";
	private static final String DEFAULT_P_PASSWORD = "password";
	
	private static final String SESSION_COOKIE_NAME = "BLOGSESSIONID";
	
	private String pUsername = DEFAULT_P_USER_NAME;
	private String pPassword = DEFAULT_P_PASSWORD;
	private String login_url = "/form.html";
	
	private SecurityManager securityManager;
	
	@Override
	public void destroy() {
		// TODO Auto-generated method stub
		
	}
	
	@Override
	public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
			throws IOException, ServletException {
		try {
			HttpServletRequest request = (HttpServletRequest) req;
			HttpServletResponse response = (HttpServletResponse) resp;
			Cookie[] cookies = request.getCookies();
			Serializable sessionId = null;
			if (null != cookies) {
				for (Cookie cookie : cookies) {
					if (StringUtils.equals(cookie.getName(), SESSION_COOKIE_NAME)) {
						sessionId = cookie.getValue();
						break;
					}
				}
			}
			String username = NetUtils.getParameterString(request, pUsername, null);
			UsernamePasswordToken token = null;
			if (StringUtils.isNotBlank(username)) {
				token = new UsernamePasswordToken(username, NetUtils.getParameterString(request,
						pPassword, ""));
			}
			
			Session session = securityManager.doGetAuthenticationInfo(sessionId, token);
			if (null == session) {
				response.sendRedirect(login_url);
				return;
			}
			if (null == sessionId || !session.getId().equals(sessionId)) {
				Cookie cookie = new Cookie(SESSION_COOKIE_NAME, session.getId().toString());
				cookie.setMaxAge(3600);
				response.addCookie(cookie);
			}
			request.setAttribute(Constants.P_SESSION, session);
		} catch (Exception e) {

		}
		chain.doFilter(req, resp);
	}
	
	@Override
	public void init(FilterConfig config) throws ServletException {
		if (StringUtils.isNotBlank(config.getInitParameter(DEFAULT_P_USER_NAME))) {
			pUsername = config.getInitParameter(DEFAULT_P_USER_NAME);
		}
		if (StringUtils.isNotBlank(config.getInitParameter(DEFAULT_P_PASSWORD))) {
			pPassword = config.getInitParameter(DEFAULT_P_PASSWORD);
		}
		if (StringUtils.isNotBlank(config.getInitParameter("login_url"))) {
			login_url = config.getInitParameter("login_url");
		}
	}
	
	public SecurityManager getSecurityManager() {
		return securityManager;
	}
	
	public void setSecurityManager(SecurityManager securityManager) {
		this.securityManager = securityManager;
	}
	
	public String getpUsername() {
		return pUsername;
	}
	
	public void setpUsername(String pUsername) {
		this.pUsername = pUsername;
	}
	
	public String getpPassword() {
		return pPassword;
	}
	
	public void setpPassword(String pPassword) {
		this.pPassword = pPassword;
	}
	
	public String getLogin_url() {
		return login_url;
	}
	
	public void setLogin_url(String login_url) {
		this.login_url = login_url;
	}
	
}
